Remote Code Execution Vulnerability in Vacron Camera Products
CVE-2025-8613

7.2HIGH

Key Information:

Vendor: Vacron
Status: Camera
Vendor: CVE Published:; 2 September 2025

What is CVE-2025-8613?

A critical vulnerability in Vacron Camera systems allows remote attackers to execute arbitrary code through a flaw in the webs.cgi endpoint. This issue arises due to insufficient validation of user input, enabling attackers to craft malicious commands that can be executed with root privileges. Exploitation of this vulnerability necessitates user authentication, making it crucial for administrators to implement security measures to mitigate the risks associated with this security flaw. For further details and advisory, see the Zero Day Initiative report.

Affected Version(s)

Camera multiple

References

https://www.zerodayinitiative.com/advisories/ZDI-25-805/

x_research-advisory

CVSS V3.0

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 2, 2025
Vulnerability Reserved
Aug 5, 2025